Tag: threat
-
Cribl Acquires CardinalOps In Move To Expand Into Security Operations
Cribl acquires CardinalOps in move to strengthen its presence in the cybersecurity space for threat detection, providing an alternative to legacy SIEM products. First seen on crn.com Jump to article: www.crn.com/news/security/2026/cribl-acquires-cardinalops-in-move-to-expand-into-security-operations
-
Nearly 300 GitHub repos pose as legit software to push malware
A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nearly-300-github-repos-pose-as-legit-software-to-push-malware/
-
New macOS malware steals passwords by posing as Apple’s crash-reporting tool
Jamf Threat Labs has uncovered a new macOS infostealer named CrashStealer that disguises itself as Apple’s crash-reporting tool to steal passwords, Keychain data, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/07/14/crashstealer-macos-infostealer-password-theft/
-
How Pentera Turns AI Security Workflows into Validation Engines
AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat intelligence, configuration findings, and exposure data.That fragmentation matters because attackers do not move through environments one First seen on…
-
OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials
At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry.The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad actors…
-
ANY.RUN Integrates Threat Intelligence and Interactive Sandbox to Streamline SOC Workflows
Security Operations Centers (SOCs) often encounter challenges that go beyond just managing alert volume. Each alert necessitates that analysts validate indicators, investigate behaviors, assess scope, decide on escalation paths, and create detections to prevent future occurrences. When these tasks rely on separate tools, crucial evidence can be lost during transitions, leading analysts to enrich the…
-
New MacOS Malware Exploits Legitimate Developer ID to Pose as Apple Crash Reporter
Researchers at Jamf Threat Labs detail CrashStealer, which steals passwords, cryptocurrency wallets and more First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/macos-malware-apple-crash-reporter/
-
[Video] Where protection starts: Cisco Talos Intelligence Integrations
Every day, defenders make high-consequence decisions with incomplete information. Learn how Cisco Talos Intelligence Integrations help reduce uncertainty by turning the latest threat intelligence into proactive protections across Cisco technologies. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/video-where-protection-starts-cisco-talos-intelligence-integrations/
-
CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper
New macOS infostealer CrashStealer uses a signed app to bypass Gatekeeper, steals credentials and wallets, then AES-encrypts stolen data. Jamf Threat Labs first spotted CrashStealer in early May 2026 as a suspicious macOS sample uploaded to VirusTotal. By early July, in-the-wild detections confirmed the malware had moved from development into active deployment. The malware is…
-
NSA Warns Russian State-Sponsored Hackers Exploiting Vulnerable Routers to Target Critical Infrastructure
Tags: access, advisory, cyber, cybersecurity, exploit, hacker, infrastructure, international, network, router, russia, threat, vulnerabilityThe U.S. National Security Agency (NSA) and international cybersecurity partners have issued a warning that Russian state-sponsored threat actors are actively exploiting vulnerable and poorly configured network routers to access organizations in critical infrastructure sectors. In a joint Cybersecurity Advisory (CSA) titled >>Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting,<< released on July 13,…
-
Hackers backdoor Jscrambler npm package with infostealer malware
The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm package that has been downloaded almost 1,500 times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-backdoor-jscrambler-npm-package-with-infostealer-malware/
-
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from compromised systems.Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs.”It validates the victim’s login password locally before First seen on thehackernews.com Jump…
-
Torq and Criminal IP Partner to Deliver Decision-Ready Threat Intelligence for Autonomous SOC Operations
Torrance, California, USA, July 13th, 2026, CyberNewswire Criminal IP, the cyber threat intelligence search engine and attack surface management platform, today announced a new partnership and integration with Torq, the established agentic security operations leader. The partnership integrates Criminal IP’s decision-ready threat intelligence with the Torq AI SOC Platform that helps security teams triage, investigate,…
-
GigaWiper Lets Threat Actors Choose Their Own Destructive Attack
A modular implant borrows from various malware families to combine both backdoor and wiper activities to maximize impact and minimize operational output. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/gigawiper-threat-actors-choose-their-own-destructive-attack
-
âš¡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t file tickets.That’s the shape of this week. Trusted code turns on the people who…
-
Torq and Criminal IP Partner to Deliver Decision-Ready Threat Intelligence for Autonomous SOC Operations
Torrance, California, USA, 13th July 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/torq-and-criminal-ip-partner-to-deliver-decision-ready-threat-intelligence-for-autonomous-soc-operations/
-
Progress Urges ShareFile Shutdown Over ‘Credible’ Threat
Honeypot Records Exploitation Attempt Against Flaw Patched Earlier This Year. Progress Software has issued a security alert to all organizations using self-managed instances of ShareFile Storage Zone Controller, advising them to immediately power down their servers in light of a credible external security threat to their data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/progress-urges-sharefile-shutdown-over-credible-threat-a-32210
-
13th July Threat Intelligence Report
U.S. auto insurer AssuranceAmerica has disclosed a data breach affecting approximately 7 million people. Attackers targeted an employee and used compromised credentials to access company systems, stealing names, contact information, driver’s license […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/13th-july-threat-intelligence-report/
-
Progress Software Warns of External Security Threat to ShareFile
Progress Software, the provider of the popular file-sharing and data storage solutions, has urged customers to shut down the server hosting their Storage Zone Controller First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/progress-warns-security-threat/
-
Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers
A >>credible external security threat<< targeting Progress Software's ShareFile Storage Zone Controllers (SZC) the on-premises, customer-managed server … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/07/13/progress-sharefile-security-threat/
-
Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory
Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration.”The script looked for the Domain Controller (DC) and mapped users, computers, and domains, before creating a directory and exporting out a number of files, and finally creating AD_Report.html to measure the success of…
-
BusySnake Stealer Uses Reverse SSH Tunnels and AI-Generated Loaders to Evade Detection
Armored Likho, a previously undocumented threat group also tracked as Eagle Werewolf based on circumstantial evidence, is targeting government institutions and electric-power organizations across Russia, Brazil, and Kazakhstan with a new Python-based infostealer named BusySnake. The group’s activity reflects an unusual overlap between cyber-espionage and financially motivated operations. Armored Likho targets organizations for intelligence collection…
-
Spear-Phishing Campaign Uses Proton Drive Links and LNK Files to Deliver SpyGlace
The APT-C-60 threat actor has continued targeting Japanese organizations with a spear-phishing campaign that abuses Proton Drive, Windows shortcut files, trusted developer platforms, and native Windows utilities to deliver the SpyGlace malware. While the group retains several established tradecraft elements, including the abuse of legitimate services and the use of git.exe to execute malicious scripts,…
-
Progress Software warns ShareFile users of external security threat
First seen on scworld.com Jump to article: www.scworld.com/brief/progress-software-warns-sharefile-users-of-external-security-threat
-
Vibe-Coded Malware Caught in Active Directory Attack
Huntress found a threat actor using vibe-coded PowerShell to map an Active Directory network First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/vibe-coded-malware-ai-powershell/
-
Advens Threat Status Report 2025/2026 – So organisieren sich Ransomware-Gruppen
First seen on security-insider.de Jump to article: www.security-insider.de/ransomware-gruppen-allianzen-advens-report-2025-2026-a-87658a8cd400e3b7102f7f489fedf60d/
-
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy.According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first publicly spotted in the wild on May 21, 2026. It’s assessed to…
-
Nike Alleged Breach: Threat Actors Claim Leak of Millions of Customer Records
A threat actor on a prominent cybercrime forum has claimed responsibility for leaking data allegedly belonging to Nike and Alcon, posting the purported datasets for download. The claims, currently unverified, suggest a significant breach affecting millions of records across both organizations. Nike Alleged Breach According to the forum post, the threat actor alleges the Nike-related…
-
Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes
Fake apps like WireVPN and a trojanized 7-Zip turn victims’ devices into residential proxies, letting criminals route traffic through their IPs. Infoblox’s threat research team started pulling on a single thread in early 2026: a fake version of the 7-Zip archive utility hosted at 7zip[.]com instead of the real site, 7-zip[.]org. The researchers uncovered a…

